Re: [Python-Dev] Security issue with the tracker

2012-04-15 Thread anatoly techtonik
On Fri, Apr 13, 2012 at 9:53 PM, Éric Araujo e...@netwok.org wrote: bugs.python.org already sanitizes the ok_message and Ezio already posted a patch to the upstream bug tracker, so I don’t see what else we could do. I am +1 with Glyph that XSS protection in Roundup is an unreliable hack. Ezio's

[Python-Dev] Security issue with the tracker

2012-04-13 Thread anatoly techtonik
Are there any good small Python libraries for making HTML safe out there? http://goo.gl/D6ag1 Just to make sure that devs are aware of the problem, which was reported more than 6 months ago, gain some traction and release a fix sooner. I am not sure what you can do with a stolen bugs.python.org

Re: [Python-Dev] Security issue with the tracker

2012-04-13 Thread anatoly techtonik
On Fri, Apr 13, 2012 at 9:23 PM, anatoly techtonik techto...@gmail.com wrote: Are there any good small Python libraries for making HTML safe out there? http://goo.gl/D6ag1 Just to make sure that devs are aware of the problem, which was reported more than 6 months ago, gain some traction and

Re: [Python-Dev] Security issue with the tracker

2012-04-13 Thread Éric Araujo
bugs.python.org already sanitizes the ok_message and Ezio already posted a patch to the upstream bug tracker, so I don’t see what else we could do. Also note that the Firefox extension NoScript blocks the XSS in this case. Regards